[RP]: Finding Malware Like Iron Man
Nice presentation:
“Finding Malware Like Iron Man” by Corey Harrell
“Scapy Guide – The Release” provides a link to the new “Very Unofficial Dummies Guide to Scapy” … definitely worth a look.
One day I started getting the following errors in the web interface of ELSA when trying to search for something:
"Warnings: node 127.0.0.1 got error $VAR1 = undef; , node 127.0.0.1 got error $VAR1 = undef; , node 127.0.0.1 got error $VAR1 = undef;"
Steps which solved the issue for me:
Nice blog post with a great summary on the topic:
“[…] Operate under the assumption that your network is compromised. Quit spending so much money trying to defend everything; that is like trying to put a fence around a national park. Focus on trouble areas, or those of the greatest concern, or that mean the most impact if something goes wrong. Quit thinking of your network as a castle, when the attacker has mortars and missiles. If you are losing the war, and losing most battles, at least try to protect your most valuable assets as best you can. […]”
Great post about leadership and security:
The Needs of the Many – Becoming a Servant Security Leader
Great comic by xkcd: Is It Worth the Time?
Just out of frustration I’ve started to write my own little IT security notebook. One day 🙂 it should contain all the little facts I need to keep in my “protein computer” but can’t manage to. It will be updated as I learn stuff and as needed.
If you find it useful or if you’ve found a bug: drop me a line.
tested on: Security Onion 12.04 (as of 2013-03-29)
In the class “FOR558: Network Forensics” (SANS London 2012) we got a sample PCAP of custom DNS tunneling in action.
Because I wanted to continue learning Python and digging deeper into network protocols I decided to create a Python script to analyse this custom DNS tunneling.
Decisions:
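As an added illustration (my own code here, not the script from the post, which analysed the specific tunnel seen in the FOR558 PCAP): the part of a DNS tunneling analysis that is the same for any tunnel is decoding the QNAME of every query and looking at what sits left of the registered zone. The block below parses raw DNS query messages with the standard library only, scores each query for generic tunnel indicators (amount of data in the subdomain labels, entropy of that data, TXT/NULL query types) and then counts how many distinct subdomains each zone receives, which is where a tunnel stands out even when single queries look harmless. Assumptions: the zone is taken to be the last two labels, the thresholds (30 characters, 3.5 bits per character, three unique subdomains) are my illustrative defaults and need tuning against your own traffic, and the sample packets are constructed inline so that it runs offline; on a real PCAP you would feed it the UDP payloads of port 53 traffic instead.

```python
"""Added example (not the post's own script): decode raw DNS query messages and
score each QNAME for the generic indicators that DNS tunnels tend to leave
behind. Sample packets are constructed inline so the example runs offline."""
import math
import struct
from collections import Counter, defaultdict

DNS_HEADER_LEN = 12
QTYPE_NAMES = {1: "A", 10: "NULL", 16: "TXT", 28: "AAAA"}


def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal standard query (RD=1, one question, class IN).
    Used here only to construct the sample input."""
    out = bytearray(struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0))
    for label in qname.split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)                                # root label ends the name
    out += struct.pack("!HH", qtype, 1)          # QTYPE, QCLASS=IN
    return bytes(out)


def parse_question(msg):
    """Return (labels, qtype) of the first question. Queries never use name
    compression, so a pointer here means a malformed or hostile packet."""
    if struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    off = DNS_HEADER_LEN
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question QNAME")
        labels.append(msg[off:off + n].decode("ascii", errors="replace"))
        off += n
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return labels, qtype


def shannon_entropy(s):
    """Bits per character; base32/base64 payloads sit well above hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def score_query(msg, base_labels=2):
    """Per-query view: everything left of the zone is treated as potential
    payload. Assumption: the zone is the last two labels."""
    labels, qtype = parse_question(msg)
    zone = ".".join(labels[-base_labels:])
    data = "".join(labels[:-base_labels])
    ent = shannon_entropy(data)
    indicators = []
    if len(data) > 30:                           # illustrative threshold
        indicators.append("long-subdomain")
    if ent > 3.5:                                # illustrative threshold
        indicators.append("high-entropy")
    if qtype in (10, 16):                        # NULL/TXT carry bulk data back
        indicators.append("qtype-" + QTYPE_NAMES[qtype])
    return {
        "qname": ".".join(labels), "zone": zone, "data_len": len(data),
        "entropy": round(ent, 2), "qtype": QTYPE_NAMES.get(qtype, str(qtype)),
        "indicators": indicators, "suspicious": len(indicators) >= 2,
    }


def find_tunnel_zones(msgs, min_unique=3, base_labels=2):
    """Zone-level view: a tunnel burns through many never-repeated subdomains
    under one zone, which per-query scoring alone cannot see."""
    per_zone = defaultdict(set)
    for m in msgs:
        labels, _ = parse_question(m)
        per_zone[".".join(labels[-base_labels:])].add(".".join(labels[:-base_labels]))
    return {z: len(s) for z, s in per_zone.items() if len(s) >= min_unique}


# Constructed sample traffic: ordinary lookups plus four TXT queries whose
# subdomains carry 40 base32-looking characters (20 distinct, each twice).
PAYLOAD = "ezbq3xn7ykm5dwh2rjp44pjr2hwd5mky7nx3qbze"


def sample_queries():
    benign = [build_query("www.example.com"),
              build_query("mail.example.com", qtype=28),
              build_query("_dmarc.example.org", qtype=16)]
    tunnel = []
    for i in range(4):
        chunk = PAYLOAD[i:] + PAYLOAD[:i]        # a different chunk per query
        tunnel.append(build_query("%s.%s.example.net" % (chunk[:20], chunk[20:]), qtype=16))
    return benign + tunnel


if __name__ == "__main__":
    msgs = sample_queries()
    for m in msgs:
        print(score_query(m))
    print("zones with many unique subdomains:", find_tunnel_zones(msgs))
```

Note that the `_dmarc.example.org` TXT lookup trips exactly one indicator, which is why a query is only flagged when at least two of them agree; legitimate TXT, SRV and reverse lookups will always generate some noise, and the zone-level count is the more robust signal for a tunnel that keeps its chunks short.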
The paper “Building an Early Warning System” by Securosis starts by detailing the typical situation: you can’t get ahead of the threat; security is inherently reactive. You have to use tools to stay as close to the threat as possible. An Early Warning System can be one of those tools.
“A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.” – Wayne Gretzky